Abstract:

A method and system for program protection based on a .NET card. The
method includes compiling, by a first device, first source code into a
first assembly, and storing the first assembly to a .NET card.
Information of a remotely invoked class in the first source code is
extracted to form a new class. A remote invocation instruction is written
in the new class to generate second source code. The second source code
is compiled into a second assembly, and the .NET card and the second
assembly are provided to a second device. The second device executes the
second assembly, remotely invoking the class in the first source code,
executing the class at the .NET card via an interface of the .NET card,
and receiving an execution result returned by the .NET card. The system
includes a .NET card, a first device and a second device.

Claims:

1. A method for program protection based on a .NET card,
comprising:compiling, by a first device, first source code into a first
assembly, and storing the first assembly to a .NET card; extracting, by
the first device, a namespace and a method of a remotely invoked class in
the first source code to form a new class, writing in the new class a
remote invocation instruction for remotely invoking the class in the
first source code to generate second source code, compiling the second
source code into a second assembly, and providing the .NET card and the
second assembly to a second device;executing the second assembly, by the
second device after obtaining the .NET card and the second assembly,
remotely invoking the class in the first source code, executing the class
at the .NET card via an interface of the .NET card, and receiving an
execution result returned by the .NET card.

2. The method for program protection based on a .NET card according to
claim 1, whereinthe second device remotely invokes the class in the first
source code via a client channel and receives the execution result
returned by the .NET card via a service channel; the client channel
implements an IChannelSender interface and an IChannel interface of
Microsoft, the service channel implements an IChannelReceiver interface
and an IChannel interface of Microsoft.

3. The method for program protection based on a .NET card according to
claim 2, whereinthe client channel and the service channel communicate
via a PS/SC, HID or SCSI interface.

4. The method for program protection based on a .NET card according to
claim 1, whereinthe first source code is written in C#, VB.NET, J# or
C++;the second source code is written in C#, VB.NET, J# or C++.

5. The method for program protection based on a .NET card according to
claim 1, whereinthe first assembly stored in the .NET card is a .NET
managed DLL file which can be invoked by other assemblies.

6. A system for program protection based on a NET card, comprising a NET
card, a first device and a second device, whereinthe .NET card
comprises:a storage module adapted to store a first assembly obtained by
compiling first source code;an interface module adapted to communicate
with the second device when the first assembly stored in the storage
module is invoked by the second device;an execution module adapted to
execute the first assembly when the first assembly stored in the storage
module is invoked by the second device,the first device comprises:a
parsing module adapted to parse and obtain a remotely invoked class in
the first source code;a processing module adapted to extract a namespace
and a method of the class obtained by the parsing module to form a new
class, and write in the new class an instruction for remotely invoking
the class in the first source code to generating second source code;a
compiling module adapted to compile the first source code into the first
assembly, and compile the second source code obtained by the processing
module into a second assembly,the second device comprises:a storage
module adapted to store the second assembly generated by the compiling
module of the first device;an invocation module adapted to execute the
second assembly stored in the storage module of the second device, and
invoke the first assembly stored in the .NET card via an interface of the
NET card when the remote invocation instruction is executed, and receive
an execution result returned by the .NET card via the interface of the
.NET card.

7. The system for program protection based on a .NET card according to
claim 6, whereinthe parsing module is a syntactic parser.

8. The system for program protection based on a .NET card according to
claim 6, whereinthe first source code is written in C#, VB.NET, J# or
C++;the second source code is written in C#, VB.NET, J# or C++.

9. The system for program protection based on a .NET card according to
claim 6, whereinthe first assembly stored in the storage module of the
.NET card is a .NET managed DLL file which can be invoked by other
assemblies.

10. The system for program protection based on a .NET card according to
claim 6, whereinthe invocation module of the second device is adapted to
execute the second assembly stored in the storage module of the second
device, invoke the first assembly stored in the .NET card via a client
channel of the second device when the remote invocation instruction is
executed, and receive the execution result returned by the .NET card via
a service channel of the .NET card; the client channel implements an
IChannelSender interface and an IChannel interface of Microsoft, the
service channel implements an IChannelReceiver interface and an IChannel
interface of Microsoft.

11. The system for program protection based on a .NET card according to
claim 10, whereinthe client channel and the service channel communicate
via a PS/SC, HID or SCSI interface.

Description:

[0001]This application claims the benefit of Chinese Patent Application
200810103240.9, titled "A METHOD FOR PROGRAM PROTECTION BASED ON A .NET
CARD AND A SYSTEM THEREOF", filed with the Chinese Patent Office on Apr.
1, 2008, which is hereby incorporated by reference in its entirety

FIELD OF THE INVENTION

[0002]The present invention relates to the field of information security
and in particular to a method for program protection based on a .NET card
and a system thereof.

BACKGROUND OF THE INVENTION

[0003]As Microsoft's new-generation technical platform, .NET is a new and
Internet-based language-neutral software development platform, conforming
to the trend of distributed computing, component-oriented development,
enterprise-oriented application, Software-as-a-Service and Web-centered
development in the software industry. .NET is not a programming language.
Multiple programming languages are supported by the .NET platform. A
prominent feature of .NET is its support for interactions via Web between
users and various smart devices, with controls administrated by the user
instead of an application. Therefore the experience with Microsoft .NET
brought by smart devices connected with XML Web services is personalized
and comprehensive. The smart devices are tools having Web functions, such
as personal computers, handhelds and smart phones. With installed
software, these devices are more intelligent while interacting with
users, networks, information and other devices and services.

[0004]A virtual machine can be viewed as a software emulation of a machine
with hardware such as processer, memory and register, by which various
instructions can be emulated. There are no special requirements for the
runtime environment by software running on the machine; hence the virtual
machine is transparent to the programs running on it. For example, an x86
virtual machine emulates a runtime environment of x86 instructions and
programs, and a c51 virtual machine emulates a runtime environment of c51
instructions and programs.

[0005]As Remote Method Invocation (RMI) develops, it has been implemented
with many frameworks such as DCE/RPC, CORBA, DCOM, MTS/COM+, Java RMI,
Java EJB, Web Services/SOAP/XML-RPC and .NET Remoting. Microsoft .NET
Remoting provides a framework allowing objects to interact with one
another via an application domain. It is known that Web services only
provide a simple and more understandable implementation of cross-platform
and language-neutral interactions. .NET Remoting is a significant change
to Web services, like Asp to CGI. .NET Remoting provides an extendable
framework supporting different transmission mechanisms (built-in HTTP and
TCP), different encoding rules (SOAP and binary code) and security
configurations (IIS or SSL) while providing various services such as
activation and life cycle support.

[0006]However, Microsoft .NET Remoting normally imports service-side DLLs
to an assembly for compiling and executing, which is not suitable for
privilege separation. Moreover, if the content is important and
confidential, disclosing the imported contents would be harmful for
program protection to those developers.

[0007]A .Net card is a smart card with embedded microprocessor which can
execute .NET programs.

SUMMARY OF THE INVENTION

[0008]In order to improve the security of a program while being remotely
invoked, a method and a system for program protection based on a .NET
card are provided.

[0009]A method for program protection based on a .NET card is provided,
including:

[0010]compiling, by a first device, first source code into a first
assembly, and storing the first assembly to a .NET card; extracting, by
the first device, a namespace and a method of a remotely invoked class in
the first source code to form a new class, writing in the new class a
remote invocation instruction for remotely invoking the class in the
first source code to generate second source code, compiling the second
source code into a second assembly, and providing the .NET card and the
second assembly to a second device;

[0011]executing the second assembly, by the second device after obtaining
the .NET card and the second assembly, remotely invoking the class in the
first source code, executing the class at the .NET card via an interface
of the .NET card, and receiving an execution result returned by the .NET
card.

[0012]The second device remotely invokes the class in the first source
code via a client channel and receives the execution result returned by
the .NET card via a service channel; the client channel implements an
IChannelSender interface and an IChannel interface of Microsoft, the
service channel implements an IChannelReceiver interface and an IChannel
interface of Microsoft.

[0013]The client channel and the service channel communicate via a PS/SC,
HID or SCSI intereface.

[0014]The first source code is written in C#, VB.NET, J# or C++;

[0015]the second source code is written in C#, VB.NET, J# or C++.

[0016]The first assembly stored in the .NET card is a .NET managed DLL
file which can be invoked by other assemblies.

[0017]A system for program protection based on a .NET card includes: a
.NET card, a first device and a second device.

[0018]The .NET card includes:

[0019]a storage module adapted to store a first assembly obtained by
compiling first source code;

[0020]an interface module adapted to communicate with the second device
when the first assembly stored in the storage module is invoked by the
second device;

[0021]an execution module adapted to execute the first assembly when the
first assembly stored in the storage module is invoked by the second
device.

[0022]The first device includes:

[0023]a parsing module adapted to parse and obtain a remotely invoked
class in the first source code;

[0024]a processing module adapted to extract a namespace and a method of
the class obtained by the parsing module to form a new class, and write
in the new class an instruction for remotely invoking the class in the
first source code to generate second source code;

[0025]a compiling module adapted to compile the first source code into the
first assembly, and compile the second source code obtained by the
processing module into a second assembly.

[0026]The second device includes:

[0027]a storage module adapted to store the second assembly generated by
the compiling module of the first device;

[0028]an invocation module adapted to execute the second assembly stored
in the storage module of the second device, and invoke the first assembly
stored in the .NET card via an interface of the .NET card when the remote
invocation instruction is executed, and receive an execution result
returned by the .NET card via the interface of the .NET card.

[0029]The parsing module is a syntactic parser.

[0030]The first source code is written in C#, VB.NET, J# or C++;

[0031]the second source code is written in C#, VB.NET, J# or C++.

[0032]The first assembly stored in the storage module of the .NET card is
a .NET managed DLL file which can be invoked by other assemblies.

[0033]The invocation module of the second device is adapted to execute the
second assembly stored in the storage module of the second device, invoke
the first assembly stored in the .NET card via a client channel of the
second device when the remote invocation instruction is executed, and
receive the execution result returned by the .NET card via a service
channel of the .NET card; the client channel implements an IChannelSender
interface and an IChannel interface of Microsoft, the service channel
implements an IChannelReceiver interface and an IChannel interface of
Microsoft.

[0034]The client channel and the service channel communicate via a PS/SC,
HID or SCSI interface.

[0035]Technical effects brought about by the above solutions are:

[0036]Protected source code is compiled into an assembly and written into
a .NET card, and a new assembly including a remote invocation instruction
is generated based on a remotely invoked class in the source code.
Therefore a user can add the new assembly directly to his project and
use, which is easy and may reduce the workload. Furthermore, the assembly
written to the .NET card is prevented from being disclosed, thereby
guaranteeing the safety of the code.

BRIEF DESCRIPTION OF THE DRAWINGS

[0037]FIG. 1 is a flow chart illustrating a method for program protection
based on a .NET card according to an embodiment of the invention;

[0038]FIG. 2 is a structural diagram illustrating a system for program
protection based on a .NET card according to another embodiment of the
invention.

DETAILED DESCRIPTION OF THE INVENTION

[0039]Objects, technical solutions and advantages of the invention will be
easily understood by reference to the following description of
embodiments when read in conjunction with the accompanying drawings.

[0040]A method for program protection based on a .NET card is provided
according to an embodiment of the invention, including: compiling, by a
first device, first source code into a first assembly, and storing the
first assembly in a .NET card; extracting, by the first device, a
namespace and a method of a remotely invoked class in the first source
code to form a new class, writing in the new class a remote invocation
instruction for remotely invoking the class in the first source code to
generate second source code, compiling the second source code into a
second assembly, and providing the .NET card and the second assembly to a
second device; executing the second assembly, by the second device on
receipt of the .NET card and the second assembly, remotely invoking the
class in the first source code, executing the class at the .NET card via
an interface of the .NET card, and receiving an execution result returned
by the .NET card.

Embodiment 1

[0041]With reference to FIG. 1, a method for program protection based on a
.NET card is provided according to an embodiment of the invention. The
method includes:

[0042]Step 101: a first device compiles first source code into a first
assembly, and stores the first assembly in a .NET card, normally an
internal storage of the .NET card.

[0043]In this embodiment, the first source code is written in C++ by a
software developer, and provided to a .NET card producer. The .NET card
producer compiles the first source code into the first assembly and
stores the first assembly in the .NET card. In practice, the first source
code can also be written in C#, VB.NET or J#. In the embodiment, the
first device is a device of the .NET card producer for operations such as
compiling, parsing, and processing.

[0044]In addition, the first assembly above is a .NET managed DLL file
which can be invoked by other assemblies.

[0045]Step 102: the first device parses a remotely invoked class in the
first source code, extracts a namespace and a method of the remotely
invoked class in the first source code to form a new class, and writes in
the new class a remote invocation instruction for remotely invoking the
class in the first source code to generate second source code.

[0046]Parsing the first source code includes obtaining, by the .NET card
producer, the integrated environment information by using a plug-in, and
parsing the remotely invoked class in the first source code by using a
parser. In the embodiment, the parser is a syntactic parser, the new
class is formed by empty functions, and both the remotely invoked class
and the new class above are classes that inherit the MarshalByRefObject
class.

[0047]Step 103: the first device compiles the second source code into a
second assembly, and provides the second assembly and the .NET card to a
second device.

[0048]Generally, the steps 101 to 103 are performed by the .NET card
producer who receives the first source code using the .NET card and
corresponding software. In the embodiment, both the second assembly and
the .NET card are provided to a user by the .NET card producer, so that
the user can select a class to be invoked from the second assembly
according to actual situations and performs a related operation with the
.NET card.

[0049]Step 104: the second device executes the second assembly after
obtaining the second assembly and the .NET card, and remotely invokes the
class in the first source code.

[0050]In the embodiment, the second device is a device of a .NET card
user. Before executing the second assembly, the .NET card user who
obtains the second assembly and the .NET card writes the second assembly
completely in an application that the user develops. While running, if
necessary, the application invokes the second assembly written in the
application, and the second assembly further invokes a corresponding
class in the first assembly stored in the .NET card, and completes
execution of the application.

[0051]Step 105: when the remote invocation instruction in the second
assembly is executed, the second device executes the class corresponding
to the instruction in the .NET card, and receives a returned execution
result via an interface of the .NET card. The application containing the
second assembly continues running at that time.

[0052]In the embodiment, specifically, the remote invocation instruction
is remoting. When the second assembly in the application is executed, an
application-side Client Framework is invoked according to the remote
invocation instruction. The Client Framework includes a client channel
ClientChannel which invokes the first assembly according to the ISO7816
protocol. The first assembly is executed in the .NET card, after which
the .NET card returns the execution result to the client channel
ClientChannel via a service channel of the .NET card ServerChannel. The
communication between the client channel ClientChannel and the service
channel ServerChannel can be done via a PC/SC, HID or SCSI interface. The
service channel ServerChannel built in the .NET card implements an
IChannelReceiver interface and an IChannel interface of Microsoft. The
client channel ClientChannel built in the client framework implements an
IChannelSender interface and an IChannel interface of Microsoft.

Embodiment 2

[0053]With reference to FIG. 2, a system for program protection based on a
.NET card is provided according to an embodiment of the invention. The
system includes a .NET card, a first device and a second device.

[0054]The .NET card includes:

[0055]A storage module adapted to store a first assembly obtained by
compiling first source code. In the embodiment, the first source code is
written in C++ by a software developer, and provided to a .NET card
producer. The .NET card producer compiles the first source code into the
first assembly and stores the first assembly in the .NET card.

[0056]An interface module adapted to communicate with the second device
when the first assembly stored in the storage module is invoked by the
second device. Specifically, the .NET card receives invocation
information from the second device via the interface module. An execution
result is sent to the second device via the interface module when the
invocation is completed.

[0057]An execution module adapted to execute the first assembly when the
first assembly stored in the storage module is invoked by the second
device. In the embodiment, the first assembly is executed inside the .NET
card.

[0058]The first device includes:

[0059]A parsing module adapted to parse and obtain a remotely invoked
class in the first source code. In the embodiment, the parsing module is
a syntactic parser which is invoked after the integrated environment
information is obtained by a plug-in;

[0060]A processing module adapted to extract a namespace and a method of
the class obtained by the parsing module to form a new class, and write
in the new class a remote invocation instruction for remotely invoking
the new class in the first source code to generate second source code.
The new class is formed by empty functions; and both the remotely invoked
class obtained by the parsing module and the new class are classes that
inherit the MarshalByRefObject class.

[0061]A compiling module adapted to compile the first source code into the
first assembly, and compile the second source code obtained by the
processing module into a second assembly;

[0062]The second device includes:

[0063]A storage module adapted to store the second assembly generated by
the compiling module of the first device;

[0064]An invocation module adapted to execute the second assembly stored
in the storage module of the second device, invoke the first assembly
stored in the .NET card via an interface of the .NET card when the remote
invocation instruction is executed, and receive the execution result
returned by the .NET card via an interface of the .NET card.

[0065]In the embodiment, the first device is a device of a .NET card
producer; the second device is a device of a .NET card user. The second
assembly generated by compiling the second source code and the .NET card
are provided to the user, and the user can add the second assembly to a
project and the second assembly can be invoked when the project is
executed. The second assembly invokes the corresponding class in the .NET
card according to the remote invocation instruction. Specifically, the
remote invocation instruction is remoting.

[0066]Furthermore, the invocation module of the second device is adapted
to execute the second assembly stored in the storage of the second
device; invoke the first assembly stored in the .NET card via a client
channel ClientChannel when the remote invocation instruction is executed,
and receive the execution result returned by the .NET card via a service
channel of the .NET card ServerChannel.

[0067]Specifically, while executing the second assembly in the
application, the invocation module of the second device invokes an
application-side Client Framework. The Client Framework includes a client
channel ClientChannel which invokes the first assembly according to the
ISO7816 protocol. The first assembly is executed in the .NET card, after
which the .NET card returns the execution result to the client channel
ClientChannel via a service channel of the .NET card ServerChannel. The
communication between the client channel ClientChannel and the service
channel ServerChannel can be done via a PC/SC, HID or SCSI interface. The
service channel ServerChannel built in the .NET card implements an
IChannelReceiver interface and an IChannel interface of Microsoft. The
client channel ClientChannel built in the client framework implements an
Microsoft IChannelSender interface and an IChannel interface of
Microsoft.

[0068]In the embodiment, the first source code can be written in C#,
VB.NET, J# or C++; the second source code can be written in C#, VB.NET,
J# or C++.

[0069]In the embodiment, the first assembly stored in the .storage module
of the .NET card is a .NET managed DLL file which can be invoked by other
assemblies.

[0070]According to the embodiments, protected source code is compiled into
an assembly and written to a .NET card, and a new assembly including a
remote invocation instruction is generated based on a remotely invoked
class in the source code. Therefore a user can add the new assembly
directly to his project for use, which is easy and may reduce the
workload. Furthermore, the assembly written to the .NET card is prevented
from being disclosed, thereby guaranteeing the safety of the code.

[0071]Preferred embodiments are described above, which is not intended to
limit the invention. Any modification, equivalents and improvement
without departing from the spirit and principle of the invention should
be included in the scope of the invention.